CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

April 26, 2025

CVE ID : CVE-2025-2907

Published : April 26, 2025, 6:15 a.m. | 1 hour, 13 minutes ago

Description : The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modify the default_user_role to administrator and users_can_register, allowing them to register as an administrator of the site for complete site takeover.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3906 – Eduzz WooCommerce Unauthorized Data Modification Vulnerability

Next Article CVE-2025-3914 – Airtable Aeropage Sync for WordPress Unauthenticated Arbitrary File Upload Vulnerability

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Revolutionizing earth observation with geospatial foundation models on AWS

Drawing CSS Shapes using corner-shape

Calibre 8.6.0 Delivers Dramatic Database Speed Boost

CVE-2025-53309 – ZealousWeb Contact Form 7 Information Disclosure

Ten Forward – control a NAT-PMP gateway

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

SVAR Svelte 2.2 – Powerful DataGrid & Gantt for Enterprise Apps

CVE-2025-46789 – Zoom Windows Buffer Overflow Denial of Service

CVE-2025-2907 – WordPress Order Delivery Date Plugin Authentication Bypass and CSRF Vulnerability

Related Posts